How can I tell if API key is good?

[Dave Platt]

When I make a call to the V3 api, I include my API key as a header. How can I tell from the response whether I have presented the API key properly, that it is valid, and that it has been used by the service? Is there some sort of response header or other mechanism? Tx

[Developer at MBTA]

Hi, you will get a 403 error response if you pass an API key correctly but it is not valid. We currently have no explicit indication of whether you've passed the API key correctly, but you can infer this by looking at the x-ratelimit-limit response header as documented here. If you are not passing the key correctly, this will be 20, the rate limit for anonymous requests. Otherwise it will be the rate limit for the key (usually 1000) as indicated on the API portal.

—Developer@MBTA